From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from thejh.net ([37.221.195.125]:46089 "EHLO thejh.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757016AbcB1LLg (ORCPT ); Sun, 28 Feb 2016 06:11:36 -0500
Date: Sun, 28 Feb 2016 12:11:33 +0100
From: Jann Horn
To: Corey Wright
Cc: stable@vger.kernel.org
Subject: Re: [PATCH 1/1] proc: Fix ptrace-based permission checks for accessing task maps
Message-ID: <20160228111133.GA9926@pc.thejh.net>
References: <20160228023921.0f3909a6454c305068574adb@pobox.com> <20160228024239.c82b6c2db17c670611ee6b16@pobox.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="HcAYCG3uE/tztfnV"
Content-Disposition: inline
In-Reply-To: <20160228024239.c82b6c2db17c670611ee6b16@pobox.com>
Sender: stable-owner@vger.kernel.org
List-ID:

--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Feb 28, 2016 at 02:42:39AM -0600, Corey Wright wrote:
> Modify mm_access() calls in fs/proc/task_mmu.c and fs/proc/task_nommu.c to
> have the mode include PTRACE_MODE_FSCREDS so accessing /proc/pid/maps and
> /proc/pid/pagemap is not denied to all users.
>
> In backporting upstream commit caaee623 to pre-3.18 kernel versions it was
> overlooked that mm_access() is used in fs/proc/task_*mmu.c as those calls
> were removed in 3.18 (by upstream commit 29a40ace) and did not exist at the
> time of the original commit.

The patch looks good to me, the FSCREDS mode is appropriate there.

(Note: There is probably going to be another patch that touches lots of
procfs stuff soon, and if it gets backported, the functions changed in this
patch should probably be changed for that backport again.)

> Signed-off-by: Corey Wright
> Cc: Jann Horn
> ---
> fs/proc/task_mmu.c | 4 ++--
> fs/proc/task_nommu.c | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c > index 9f285fb..b86db12 100644 > --- a/fs/proc/task_mmu.c > +++ b/fs/proc/task_mmu.c > @@ -170,7 +170,7 @@ static void *m_start(struct seq_file *m, loff_t *pos) > if (!priv->task) > return ERR_PTR(-ESRCH); > =20 > - mm =3D mm_access(priv->task, PTRACE_MODE_READ); > + mm =3D mm_access(priv->task, PTRACE_MODE_READ_FSCREDS); > if (!mm || IS_ERR(mm)) > return mm; > down_read(&mm->mmap_sem); > @@ -1044,7 +1044,7 @@ static ssize_t pagemap_read(struct file *file, char= __user *buf, > if (!pm.buffer) > goto out_task; > =20 > - mm =3D mm_access(task, PTRACE_MODE_READ); > + mm =3D mm_access(task, PTRACE_MODE_READ_FSCREDS); > ret =3D PTR_ERR(mm); > if (!mm || IS_ERR(mm)) > goto out_free; > diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c > index 56123a6..123c198 100644 > --- a/fs/proc/task_nommu.c > +++ b/fs/proc/task_nommu.c 
> @@ -223,7 +223,7 @@ static void *m_start(struct seq_file *m, loff_t *pos) > if (!priv->task) > return ERR_PTR(-ESRCH); > =20 > - mm =3D mm_access(priv->task, PTRACE_MODE_READ); > + mm =3D mm_access(priv->task, PTRACE_MODE_READ_FSCREDS); > if (!mm || IS_ERR(mm)) { > put_task_struct(priv->task); > priv->task =3D NULL; > --=20 > 1.7.9.5
--HcAYCG3uE/tztfnV--
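Review bot: In the pagemap_read() hunk of fs/proc/task_mmu.c (@@ -1044), the unchanged context after the new call sets ret = PTR_ERR(mm) before testing !mm || IS_ERR(mm), so a NULL mm exits with ret == 0 and only an error pointer reaches the caller as an errno. Since the changelog says the old mode denied every reader, it should also state what was tested after the change: that a reader allowed by the fs-credential check now gets data from /proc/pid/pagemap, and that a reader the check rejects still gets the error from mm_access().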
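Review bot: The fs/proc/task_nommu.c hunk (@@ -223) makes the same one-line substitution as the m_start() hunk in task_mmu.c, but its failure branch is different (put_task_struct(priv->task); priv->task = NULL; instead of a plain return mm;), and nothing in the changelog says a no-MMU configuration was built or run with this change. Please note in the changelog whether this file was at least compile-tested on the affected pre-3.18 trees. Given the remark in the reply that a further procfs patch may touch these functions again, listing the three changed mm_access() call sites in the changelog would also make that later backport easier to recheck.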